Forgot your password?
typodupeerror
Security

SkiifGeek's Journal: Microsoft (Multiple) - Remote Hacker Automatic Control

Journal by SkiifGeek

Microsoft (Multiple) - Remote Hacker Automatic Control

        -- Products Affected --
        Windows 2000, XP, 2003
        Internet Explorer
        Visual Studio

        -- Technical Description --
        MS06-072 - Internet Explorer cumulative update. Arbitrary code execution affecting DHTML and active scripting, information disclosure affecting Temporary Internet Files (TIF) folder. Critical.
        MS06-073 - Visual Studio 2005. Arbitrary code execution due to WMI Object Broker ActiveX control. Critical.
        MS06-074 - SNMP implementation error can lead to arbitrary code execution. Important.
        MS06-075 - File Manifest Corruption leading to Privilege Escalation. Important.
        MS06-076 - Outlook Express arbitrary code execution at the local user level. Important.
        MS06-077 - Remote Installation Service arbitrary code execution (Windows 2000 ONLY). Important.
        MS06-078 - Windows Media Format remote arbitrary code execution. This is the .asx playlist issue brought to light in the last couple of weeks, along with another issue. Critical.

        -- Description --
        Microsoft delivered seven patches, instead of the expected six, with the December Security Update released today. Even though less than half of the patches are rated as Critical, almost all vulnerabilities can lead to arbitrary code execution for at least some end users. Notable by omission are the most recent Microsoft Word vulnerabilities for which there are targeted exploit attempts in use.

        -- Recommended Action --
        All users and administrators should apply the updates at the earliest opportunity.

        -- Source --
        http://www.microsoft.com/technet/security/bulletin/ms06-dec.mspx
        http://www.beskerming.com/premium/patch_pack.html
        http://store.eSellerate.net/s.asp?s=STR3448907936&Cmd=CATALOG&CategoryID=9811

        -- Updates Available --
        http://www.microsoft.com/technet/security/bulletin/ms06-072.mspx
        http://www.microsoft.com/technet/security/bulletin/ms06-073.mspx
        http://www.microsoft.com/technet/security/bulletin/ms06-074.mspx
        http://www.microsoft.com/technet/security/bulletin/ms06-075.mspx
        http://www.microsoft.com/technet/security/bulletin/ms06-076.mspx
        http://www.microsoft.com/technet/security/bulletin/ms06-077.mspx
        http://www.microsoft.com/technet/security/bulletin/ms06-078.mspx

        -- External Tracking Data --
        CVE-ID: CVE-2006-5579 (MS06-072)
        CVE-ID: CVE-2006-5581 (MS06-072)
        CVE-ID: CVE-2006-5578 (MS06-072)
        CVE-ID: CVE-2006-5577 (MS06-072)
        CVE-ID: CVE-2006-4704 (MS06-073)
        CVE-ID: CVE-2006-5583 (MS06-074)
        CVE-ID: CVE-2006-5585 (MS06-075)
        CVE-ID: CVE-2006-2386 (MS06-076)
        CVE-ID: CVE-2006-5584 (MS06-077)
        CVE-ID: CVE-2006-4702 (MS06-078)
        CVE-ID: CVE-2006-6134 (MS06-078)

        -- Threat Matrix --
                        U O
        Home User 10 10 (Highly Critical)
        Corporate 10 10 (Highly Critical)

This discussion has been archived. No new comments can be posted.

Microsoft (Multiple) - Remote Hacker Automatic Control

Comments Filter:

Repel them. Repel them. Induce them to relinquish the spheroid. - Indiana University fans' chant for their perennially bad football team

Working...